The invention relates generally to transmission of confidential data in a data network. The invention relates especially to a method and a system for transmitting data allowing direct distribution of a randomly determined benefit in a data network in response to a given payment.
Conventional instant lotteries are usually based on lottery tickets made of paper or paperboard containing printed information about the prize, if any, offered by the lottery ticket. The information is protected e.g. with a tear-off tab or a scratch-off surface, which is intact when the ticket is purchased and may be broken by the purchaser only when he has paid for the ticket.
As data transmission and even money transactions are increasingly performed by electronic means in open data networks such as the Internet, it would be preferable to be able to carry out services like instant lotteries by electronic means in a data network. In this context, an open data network implies any network or network combination for electronic data transmission which does not assure data security as such, but in which, by using special encrypting provisions, it is possible to safely transmit even confidential information. As stated herein, electronic instant lotteries stand for a game in which the customer, i.e. the player, buys a benefit immediately available against a certain payment, the value of the benefit being determined at random. Instant lotteries with electronic user interfaces may resemble lottery tickets shown on a display or they may be performed in some completely different way. As an example of various electronic instant lotteries, it would be conceivable to provide an interactive game played over a data network, in which a player can open a hatch or a door by paying, whereby an object, passage or any other benefit exposed behind the door is determined substantially at random.
Security involves a special problem when electronic instant lotteries are arranged. Both the player and the lottery agency should be able to authenticate the other party as the one he/she claims to be. The content of data passing over a data network should not be corrupted during the transmission, nor should the data sender be able to subsequently repudiate his transmission of these particular data. In addition, third parties should not be able to break the privacy of confidential data. All confidential data transmissions over data networks have these features in common. In addition to this, in the case of electronic instant lotteries, security involves all the preventive actions against abuse of the system, for instance by fraudulent discovery of the winning tickets and the prizes they offer, or by a given player or players getting hold of electronic instant lottery tickets without paying the due fee.
FIG. 1 shows a conventional system for arranging instant lotteries or a similar money game at least partly over a data network. The player's computer 102 and the lottery agency's server 103 are connected to data network 101. In the server, a game program 104 is running, in which the player can buy lots in a generic sense of this concept. Over the game period, a "protected" session is formed between the computer 102 and the server 103, illustrated schematically in the figure by pipe 105. This session has the function of accomplishing all those features mentioned above, common for all confidential data transmissions.
The system shown in FIG. 1 involves the problem of the player or the game supervising authority not knowing whether the game program 104 runs correctly or not. In practice, the lottery agency can program his server for instance so that a player can win only very small prizes. Since the probability of winning big prizes is small in any case, the player cannot know whether big prizes are not won due to bad luck or to the lottery agency's dishonesty. At the most, the supervising authority may check the prize distribution in the long term and thus strive to conclude whether the game program functions the way the lottery agency has reported. If the lottery agency is a company with several employees, the company may perhaps have honest intentions as such; however, one or more among the staff may abuse their information about the game program structure and direct prizes to themselves in a non-random way. For the lottery agency, especially in lotteries with big individual prizes, the system of FIG. 1 involves the additional problem of not allowing an upper limit to be quite reliably set for the total sum of the prizes to be paid.
The object of the present invention is to suggest a method and a system which function more safely than the conventional system described above. Another object of the invention is to provide electronic instant lotteries which are applicable to various interfaces and game systems.
The objects of the invention are achieved by using encrypted lots and a key database which is separate from the lot database.
According to the invention, the method comprises the steps of
generating and storing a plurality of instant lots, each of which comprises prize data which is encrypted and can be decrypted with a lot-related key,
storing the keys with which the encrypted prize data of stored electronic instant lots can be decrypted, separately from the stored electronic instant lots,
providing a given player access to the stored electronic instant lots so that the player acquires a given electronic instant lot and
providing said player access to the stored keys so that the player acquires a key corresponding to a given electronic instant lot.
The invention is also directed to a system comprising
a first data system for generating at least partly encrypted electronic instant lots,
a second data system for storing the generated, at least partly encrypted electronic instant lots,
a third data system for storing such lot-related keys with which the electronic instant lots can be decrypted, separately from the electronic instant lots,
a data transmission connection from the first data system to the second data system and a third data system, and
means for offering a number of players a data transmission connection to the second data system to give the player access to electronic instant lots and to the third data system for giving the player access to keys corresponding to the electronic instant lots.
Encryption and decryption of messages is known per se. In accordance with the invention, each message representing an individual electronic lot is encrypted separately and the encrypted lots are stored in a specific lot database. In addition, a key database is formed, which contains a key corresponding to each individual encrypted lot, the key serving to decrypt the lot. When a player acquires a specific lot, he gets a message representing the encrypted lot and a game receipt as evidence of his legal acquisition of the lot. By presenting his receipt to the key database, the player gets a key, with which he can decrypt the lot. Should the lot prove to offer a prize, the player can present the lot and the game receipts as evidence of legal reception of the lot and the key to the lottery agency, who delivers the prize to the player. The order of giving the player access to the lot and to the corresponding key can also be inverse.
A prerequisite for ensuring safety is that the lots are generated and encrypted by a particular lot press, i.e. a reliable party which does not benefit from the winning lots being sold or unsold. The lot database generated by the lot press and containing encrypted lots can be put under the control of the lottery agency. The key database consisting of keys required for decrypting the lots can be kept under the control of the lot press or delivered to a particular key holder, who is also a reliable party not participating in the game. The key database may, of course, also be under the control of the lottery agency; however, such an arrangement may result in the players having less confidence in the honesty of the game. The data transmission connections between a player, a lottery agency, a lot press and a key holder over a data network can be protected by using methods known per se for transmitting confidential data over a data network.
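The separation of lot database and key database described above can be sketched as follows. This is an added example, not code from the patent. It assumes the game receipt is an HMAC over the lot number under a secret shared by the lottery agency and the key holder, and it uses a SHA-256 keystream with an HMAC tag as a standard-library stand-in for a vetted authenticated cipher; all function and class names are hypothetical.

```python
import hashlib, hmac, secrets

def _sub(key, label):                      # separate cipher / MAC subkeys per lot key
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, data):                # SHA-256 counter keystream (stand-in cipher)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, prize):
    ct = _xor_stream(_sub(key, b"enc"), prize)
    return ct + hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or altered lot")
    return _xor_stream(_sub(key, b"enc"), ct)

def press_lots(prizes):
    """Lot press: shuffle a fixed prize list, encrypt each lot under its own key."""
    prizes = list(prizes)
    secrets.SystemRandom().shuffle(prizes)
    lot_db, key_db = {}, {}
    for lot_id, prize in enumerate(prizes):
        key_db[lot_id] = secrets.token_bytes(32)
        lot_db[lot_id] = seal(key_db[lot_id], f"{lot_id}:{prize}".encode())
    return lot_db, key_db                  # handed to two different parties

class Agency:                              # holds encrypted lots only
    def __init__(self, lot_db, receipt_secret):
        self.lots, self.secret = lot_db, receipt_secret
    def sell(self, lot_id):                # assumption: payment has already cleared
        receipt = hmac.new(self.secret, str(lot_id).encode(), hashlib.sha256).digest()
        return self.lots[lot_id], receipt

class KeyHolder:                           # holds keys only, never the lots
    def __init__(self, key_db, receipt_secret):
        self.keys, self.secret = key_db, receipt_secret
    def release(self, lot_id, receipt):
        good = hmac.new(self.secret, str(lot_id).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(receipt, good):
            raise PermissionError("no valid game receipt for this lot")
        return self.keys[lot_id]

def play(agency, holder, lot_id):          # player: buy lot, fetch key, decrypt
    blob, receipt = agency.sell(lot_id)
    return unseal(holder.release(lot_id, receipt), blob).decode()
```

Because the prize list is fixed when the lots are pressed, the total payout has a known upper limit, and neither the party holding `lot_db` nor the party holding `key_db` can read a prize on its own.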